similar to: [SOLVED] Doveadm replicator ssl issues

Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard certificates. Email clients connect fine, https://www.immuniweb.com/ssl/ tests show certificates are ok. However I can't make replication work when I add ssl = yes. Without ssl it works ok. I added verbose_ssl in config and error log shows: dovecot: doveadm(149.x.x.x): Error: SSL handshake failed: SSL_accept()

On 18.11.2019 22.30, Miro Igov via dovecot wrote: > > Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard > certificates. > > Email clients connect fine, https://www.immuniweb.com/ssl/ tests show > certificates are ok. > > However I can?t make replication work when I add ssl = yes. > > Without ssl it works ok. > > ? > > I added

Am 11.10.2019 um 13:22 schrieb C. James Ervin via dovecot: > In setting up my new mail server, I am getting the following in the logs: > > Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth > attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS > handshaking: SSL_accept() syscall failed: Success*, > session=<B9OokqCUD+UYNU8K>

Nobody has any clues about the tls cafile ? Regards Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a ?crit?: > I have several samba servers on Debian 10 all using : > > samba 2:4.9.5+dfsg-5+deb10u1 amd64 > > I use tls cafile, tls certfile and tls keyfile with certificates from > Sectigo (https://cert-manager.com) > > And when checking my connexion from the

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

I have several samba servers on Debian 10 all using : samba 2:4.9.5+dfsg-5+deb10u1 amd64 I use tls cafile, tls certfile and tls keyfile with certificates from Sectigo (https://cert-manager.com) And when checking my connexion from the samba server, or from outside, I've got "unable to verify the first certificate" even if tls_cafile is provided in smb.conf. What is wrong

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

Before declaring it not ready for prime time, did you try setting tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt In the oauth2 configuration file as documented in https://doc.dovecot.org/configuration_manual/authentication/oauth2 ? Aki > On 05/12/2019 21:58 mizuki via dovecot <dovecot at dovecot.org> wrote: > > > Hi all, > > We'd like to enable OAuth with

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection

On Sat, May 30, 2020 at 11:40 PM Duncan Murdoch <murdoch.duncan at gmail.com> wrote: > > On 30/05/2020 5:23 p.m., Bob Rudis wrote: > > I've updated the dashboard (https://rud.is/r-project-cert-status/) > > script and my notifier script to account for the entire chain in each > > cert. > > You never posted which certificate has expired. Your dashboard shows

On Sat, May 30, 2020 at 11:02 PM Jeroen Ooms <jeroen at berkeley.edu> wrote: [...] > > What you need to do is replace the final certificate with this one > (just copy-paste the base64 cert): https://crt.sh/?d=1720081 .Then > restart the server. You can also export this from Keychain Access on macOS, btw. find "COMODO RSA Certification Authority" and right click,

Hi I planned to learn R and their machine learning algorithms such as xgboost. I just installed R 3.3 in our CentOS linux system. Linus system: centos-release-6-9.el6.12.3.x86_64 I used the command: yum install R. I successfully install "rJava" and "mlr" packages. Then I used the following command: install.packages("xgboost") Unfortunately, I cannot install xgboost

On macOS 10.15.5 and R-devel: > download.file("https://www.r-project.org", tempfile()) trying URL 'https://www.r-project.org' Error in download.file("https://www.r-project.org", tempfile()) : cannot open URL 'https://www.r-project.org' In addition: Warning message: In download.file("https://www.r-project.org", tempfile()) : URL

On Thu, August 6, 2020 11:36, MAS Jean-Louis wrote: > Nobody has any clues about the tls cafile ? > > Regards > > Le 04/08/2020 ?? 15:18, MAS Jean-Louis via samba a ??crit??: >> I have several samba servers on Debian 10 all using : >> >> samba 2:4.9.5+dfsg-5+deb10u1 amd64 >> >> I use tls cafile, tls certfile and tls keyfile with certificates

Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file issue with 4.0.1 beta: > download.file("https://www.r-project.org", tempfile()) trying URL 'https://www.r-project.org' Error in download.file("https://www.r-project.org", tempfile()) : cannot open URL 'https://www.r-project.org' In addition: Warning

# A tibble: 13 x 1 site <chr> 1 beta.r-project.org 2 bugs.r-project.org 3 cran-archive.r-project.org 4 cran.r-project.org 5 developer.r-project.org 6 ess.r-project.org 7 ftp.cran.r-project.org 8 journal.r-project.org 9 r-project.org 10 svn.r-project.org 11 user2011.r-project.org 12 www.cran.r-project.org 13 www.r-project.org is the whole list b/c of the wildcard cert. On

It's the top of chain CA cert, so browsers are being lazy and helpful to humans by (incorrectly, albeit) relying on the existing trust relationship. libcurl (et al) is not nearly as forgiving. On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pdalgd at gmail.com> wrote: > > Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file

On 30/05/2020 5:23 p.m., Bob Rudis wrote: > I've updated the dashboard (https://rud.is/r-project-cert-status/) > script and my notifier script to account for the entire chain in each > cert. You never posted which certificate has expired. Your dashboard shows they're all valid, but the download still fails, presumably because something not shown has expired. Hopefully someone

I've updated the dashboard (https://rud.is/r-project-cert-status/) script and my notifier script to account for the entire chain in each cert. On Sat, May 30, 2020 at 5:16 PM Bob Rudis <bob at rud.is> wrote: > > # A tibble: 13 x 1 > site > <chr> > 1 beta.r-project.org > 2 bugs.r-project.org > 3 cran-archive.r-project.org > 4 cran.r-project.org